Craig Thomler's professional blog - eGovernment and Gov 2.0 thoughts and speculations from an Australian perspective

Craig Thomler

I've worked in the online sector since 1995 in roles including founder, publisher, journalist, webmaster, marketer, channel manager, CIO, COO and visionary. I left the public sector in early 2012 to lead Delib Australia as Managing Director Australia and New Zealand. More...

Tuesday, March 08, 2011

There's still many government online forms and consultation systems that don't make use of 'human recognition' tools such as CAPTCHA to help verify that the people filling in the forms are humans and reduce the attractiveness of online government forms to large-scale automated attacks by bot-armies.

However, even where government has added CAPTCHA security, I've yet to see an instance where this has been used for good, as well as security.

CAPTCHA, for those unfamiliar, is a technology whereby, when completing an online form, the user is asked to type in one or more words or calculate the product of a sum before submitting their response. The words or sum are presented in an image with 'background static' designed to make it hard for a computer to read.

In most cases, humans are able to decipher and type in the correct response whereas automated form completion systems, often used for spamming, are not.

These systems are not perfect, however they do increase the barriers to hackers, reducing the prospect for spam submissions or attacks.

They also add a little time to each submission attempt - possibly ten seconds. This is negligible to an individual (in most circumstances), however as millions of people complete CAPTCHA forms each day, this adds up to a lot of time overall.

Initially CAPTCHA tools just presented random words, however a system supported by Google is supporting organisations to 'do good' as well as improve their security.

Named ReCAPTCHA, the system has integrated the work being done to digitalise books and documents. Rather than using random words, users are presented with words that computers could not understand during the document digitalisation process.

Each time a user completes a ReCAPTCHA, they are helping to decipher and digitalise the world's literature and records - preserving it into the digital age.

Assuming an average of two words per ReCAPTCHA, and each being repeated many times in order to validate the entry, there's a miniscule contribution by any particular individual.

However if, for example, 50 million people each verify themselves using ReCAPTCHA each day, with each set of two words presented ten times on average, a total of 10 million words in old documents and books that have been deciphered and correctly digitalised. Each day. That's 3.6 billion words per year.

So if your organisation isn't using CAPTCHA security on forms, or even if you are using a custom CAPTCHA technology, you might wish to consider exploring the use of ReCAPTCHA - which is free to reuse from Google.

4 comments:

In commenting on this blog, I had to answer a captcha (not recaptcha?)When typing the word my iPhone wanted first to capitalise what I typed, then to autocorrect it to a different word. I'd rather integrate with an antispam service (like akismet) than ask users to answer captchas. Or just delete the spam! Note that certain forms (forums, comments and feedback in particular) are most likely to attract spam. Just another consideration before captchas proliferate across government sites :)

Legal DisclaimerThis is a personal blog. It is not officially endorsed by the Australian Government. The views expressed are those of the author or originators and do not necessarily reflect the views of the Australian Government or any other individuals or organisations.